General information 


• An OAuth token is an identifier issued by a provider (SG|Connect).

• To issue this token, SG|Connect needs:
  • A client ID (found on the application credentials page)
  • A secret code
  • One or more scopes (found on the application credentials page and the API subscription page)
  • A grant type (Client credential, Implicit or Authorization code)

• The process to obtain a token differs depending on the grant type.

• This token is used to identify an application or a user during interactions with other applications.


Grant type « Client credential » 


• Identifies the application only.

• Used for « Application to Application » requests (e.g. a request to SG|Doc).

• In CMT, used in most authentication profiles to connect to partner APIs.

• Link (copy and paste the link instead of opening it)


Grant type « Client credential » - Example

• Ex. 1: The token can be generated automatically through an authentication profile.

[Screenshot: authentication profile, « Client information » section]

• Ex. 2: The token can be generated manually through Postman with a request to https://sgconnect-hom.fr.world.socgen/sgconnect/oauth2/access_token


[Screenshot: token response showing the "access_token" and "scope" values]
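The manual request from Ex. 2, built without sending it and followed by validation of the answer. This is an added example, not code from the original slides: the client ID, secret, scope name and sample response are constructed, and sending the secret with HTTP Basic is an assumption about how the provider is configured.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Endpoint quoted on the page (homologation environment).
TOKEN_URL = "https://sgconnect-hom.fr.world.socgen/sgconnect/oauth2/access_token"


def build_token_request(client_id, client_secret, scopes):
    """Build (but do not send) the client-credentials token request."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    ).encode("ascii")
    # Assumption: the secret travels in the Authorization header, so it never
    # appears in the URL or in the form body that proxies and tools may log.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def parse_token_response(raw, requested_scopes, now=None):
    """Validate the JSON answer; return (token, renew_at, granted scopes)."""
    data = json.loads(raw)
    token = data.get("access_token")
    if not token:
        raise ValueError("no access_token in response")
    granted = set(data.get("scope", "").split())
    missing = set(requested_scopes) - granted
    if missing:
        # A provider may grant fewer scopes than were requested.
        raise PermissionError(f"scopes not granted: {sorted(missing)}")
    now = time.time() if now is None else now
    # Renew 30 seconds early so a token does not expire while in flight.
    renew_at = now + int(data.get("expires_in", 0)) - 30
    return token, renew_at, granted
```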


Grant type « Client credential » - Example

• This token can then be used to call the API it is intended for.

[Screenshot: request to https://contacts-api-hom.fr. (URL cut off in the source) and the start of its JSON response]


Grant type « Implicit »

• Identifies the application and the user.

• Used for Swagger.

• An additional login form is used.

• Link (copy and paste the link instead of opening it)


Grant type « Implicit » - Example

• From Swagger: http://peguatweb007:8080/sg-swagger-ui-master/sg-swag

Curl
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer STErVy-g4qghLtcXBsMC96e52P0c' "https://peguatweb006:7011/prweb/api/v1/workbaskets"

Request URL
https://peguatweb006:7011/prweb/api/v1/workbaskets

Response Body

{
  "status": "OK",
  "resultCount": 14,
  "results": [
    {

Grant type « Authorization code » 


• Identifies the application and the user.

• Used for user requests (e.g. connection to the CMT application).

• An additional login form is used.

• In CMT, used for the user connection process and some API services.

• Link (copy and paste the link instead of opening it)


Grant type « Authorization code » - Example

• Ex. 1: when connecting to CMT through the servlet PRWebLDAP3


[Screenshot: Clipboard page TokenAccessInfo, with properties including the access token and an "expires in" value of 599]


• Ex. 2: when MyCases calls the CMT API:


[Screenshot: Pega Tracer of the REST service call on peguatweb006.fr.world.socgen, showing the data page D_AccessTokenInfo (class SG-Data-SGConnect-AccessTokenInfo) and « Set param.Authorization » steps]


Authorization Process 


• For REST services, CMT uses the authentication service « SGOAuthAuthentication ».
  • Verify whether the token identifies a user.
    • If yes, connect as this user.
    • If no, connect as the user defined in the decision table « GetClientUser ».
  • In DEV, SIT and UAT, a hard-coded token starting with « TNR_ » can be used.
• For the servlet PRWebLDAP3, CMT uses the authentication service « WebLDAP3 ».
  • Redirect the user to the login form in SGConnect.
  • Use the token returned by SGConnect to connect the user.


Remarks 


• Implicit tokens and authorization code tokens are similar. There is no verification process in CMT authentication.

• The SGConnect API can be used to verify the grant type of a token and the user, if one exists.
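The REST authorization process and the remark about verifying the grant type, written out as a fail-closed decision function. This is an added example, not CMT or SGConnect code: the `introspect` callable, the field names it returns, the contents of the client-to-user table and the `tnr_operator` name are assumptions.

```python
NON_PROD = {"DEV", "SIT", "UAT"}
TEST_PREFIX = "TNR_"
USER_GRANTS = {"authorization_code", "implicit"}

# Constructed stand-in for the « GetClientUser » decision table.
GET_CLIENT_USER = {"mycases-client": "svc_mycases"}


def resolve_operator(token, environment, introspect):
    """Return (operator, reason) for a REST call, or raise PermissionError.

    `introspect` is a hypothetical callable standing in for the SGConnect
    verification API; it returns a dict with "active", "grant_type",
    "client_id" and, for user tokens, "user".
    """
    if token.startswith(TEST_PREFIX):
        # Hard-coded test tokens must never be honoured outside DEV/SIT/UAT.
        if environment not in NON_PROD:
            raise PermissionError("test token rejected in this environment")
        return "tnr_operator", "test token"

    info = introspect(token)
    if not info.get("active"):
        raise PermissionError("token is not active")

    grant = info.get("grant_type")
    user = info.get("user")
    if user:
        # Implicit and authorization-code tokens look alike, so the grant
        # type reported by the provider is checked explicitly.
        if grant not in USER_GRANTS:
            raise PermissionError("user present on a non-user grant")
        return user, "user token"

    if grant != "client_credentials":
        raise PermissionError("user grant without a user")
    operator = GET_CLIENT_USER.get(info.get("client_id"))
    if operator is None:
        # Unknown clients are refused instead of falling back to a default.
        raise PermissionError("no operator mapped for this client")
    return operator, "application token"
```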


Links

• SG Connect documentation

• CMT API Swagger

• CMT application credentials: this page lists the client IDs available on the CMT application, with the corresponding grant type and partner API.

• CMT API subscription: this page lists all partner APIs which subscribe to the CMT API.


